<?php

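	/**
	 * Render the admin user list as an HTML table, each row linking to modifyUser.
	 *
	 * Reads every user through the legacy mysql_* extension (removed in PHP 7;
	 * a migration to PDO/mysqli with prepared statements is overdue) and echoes
	 * the markup directly. Username and e-mail are user-controlled, so they were
	 * a stored-XSS sink when echoed raw; every database value is now HTML-escaped.
	 * Driver errors are logged server-side instead of being echoed to the browser,
	 * which disclosed table/column names on failure.
	 *
	 * NOTE(review): nothing here checks that the caller is an administrator;
	 * presumably index.php gates the "admin" action — confirm.
	 */
	function tableOfUsers() {
		echo '<a href="index.php?action=addUser" >Add new user</a>';
		$header = array("User ID","Username","Level","E-mail");
		echo '<table border="1">';
		echo '<tr>';
		foreach($header as $s) {
			echo '<th>' . $s . '</th>';
		}
		echo '</tr>';

		// Explicit column list: the password hash is never pulled into this page.
		$result = mysql_query("SELECT userID, username, level, email FROM users");
		if($result === false) {
			error_log('tableOfUsers: ' . mysql_error());
			echo '<tr><td colspan="4">Could not load users.</td></tr>';
			echo '</table>';
			return;
		}

		while($row = mysql_fetch_assoc($result)) {
			$id       = (int)$row['userID'];
			$username = htmlspecialchars((string)$row['username'], ENT_QUOTES, 'UTF-8');
			$level    = htmlspecialchars((string)$row['level'], ENT_QUOTES, 'UTF-8');
			$email    = htmlspecialchars((string)$row['email'], ENT_QUOTES, 'UTF-8');
			echo '<tr>';
			echo '<td><a href="index.php?action=modifyUser&amp;userID=' . $id . '">' . $id . '</a></td>';
			echo '<td>' . $username . '</td>';
			echo '<td>' . $level . '</td>';
			echo '<td>' . $email . '</td>';
			echo '</tr>';
		}
		echo '</table>';
	}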
	
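	/**
	 * Render the "edit user" form for the user selected by ?userID=N.
	 *
	 * The previous version concatenated the raw $_GET['userID'] into the SELECT
	 * (SQL injection); the id is now cast to int and rejected unless positive.
	 * Stored values are attribute-escaped before being echoed into the form, the
	 * broken markup (unclosed outer table, `/</td>` on the hidden input, an
	 * unclosed `<tr>`) is repaired, and the password field is always blank —
	 * leaving it empty on submit keeps the current password (see updateUser()).
	 *
	 * NOTE(review): the form carries no CSRF token, and the delete link performs
	 * a state change over GET; both need fixing in index.php / deleteUser(),
	 * which are not visible here. Confirm index.php restricts this to admins.
	 */
	function modifyUser() {
		$userID = isset($_GET['userID']) ? (int)$_GET['userID'] : 0;
		if($userID <= 0) {
			echo 'Invalid user ID.';
			return;
		}

		// %d with an already-int value: no user-controlled text reaches the SQL.
		$sql = sprintf("SELECT userID, username, level, email FROM users WHERE userID = %d", $userID);
		$result = mysql_query($sql);
		if($result === false) {
			error_log('modifyUser: ' . mysql_error());
			echo 'Could not load the user.';
			return;
		}

		echo '<h2>Change information</h2>';
		$row = mysql_fetch_assoc($result);
		if(!$row) {
			echo 'User not found.';
			return;
		}

		$id       = (int)$row['userID'];
		$username = htmlspecialchars((string)$row['username'], ENT_QUOTES, 'UTF-8');
		$level    = htmlspecialchars((string)$row['level'], ENT_QUOTES, 'UTF-8');
		$email    = htmlspecialchars((string)$row['email'], ENT_QUOTES, 'UTF-8');

		echo '<form method="post" action="index.php?action=updateUser">';
		echo '<table>';
		// The hidden id is client-controlled on the way back; updateUser() must
		// (and does) treat it as untrusted.
		echo '<tr><td>User ID:</td><td>' . $id . '<input type="hidden" name="userID" value="' . $id . '" /></td></tr>';
		echo '<tr><td>Username:</td><td><input type="text" name="username" value="' . $username . '" required="required" /></td></tr>';
		// Never pre-fill the password; blank means "keep the current password".
		echo '<tr><td>Password:</td><td><input type="password" name="password" value="" /></td></tr>';
		echo '<tr><td>Level:</td><td><input type="text" name="level" value="' . $level . '" required="required" /></td></tr>';
		echo '<tr><td>E-mail:</td><td><input type="email" name="email" value="' . $email . '" required="required" /></td></tr>';
		echo '<tr><td></td><td><input type="submit" value="Save" /></td></tr>';
		echo '<tr><td></td><td><a href="index.php?action=deleteUser&amp;userID=' . $id . '">Delete user</a></td></tr>';
		echo '</table>';
		echo '</form>';
	}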
	
	/**
	 * Echo the "add user" form that posts to index.php?action=confirmationAddUser.
	 *
	 * Pure output, no database access. Each row is one labelled input; all four
	 * inputs and the submit button are rendered exactly as before, the rows are
	 * just generated from a small table instead of being spelled out one by one.
	 */
	function addUser() {
		// (label, input type, field name) for each row, in display order.
		$fields = array(
			array('Username:', 'text',     'username'),
			array('Password:', 'password', 'password'),
			array('Level:',    'text',     'level'),
			array('E-mail:',   'email',    'email'),
		);

		echo " <form  method=\"post\" action=\"index.php?action=confirmationAddUser\">";
		echo " \t<table>";
		foreach($fields as $field) {
			list($label, $type, $name) = $field;
			echo "\t\t<tr>";
			echo "\t\t\t<td>" . $label . "</td>";
			echo "\t\t\t<td><input type=\"" . $type . "\" name=\"" . $name . "\" required=\"required\"/></td>";
			echo "\t\t</tr>";
		}
		echo "\t\t<tr>";
		echo "\t\t\t<td></td>";
		echo "\t\t\t<td><input type=\"submit\" value=\"Save\" /></td>";
		echo "\t\t</tr>";
		echo "\t</table>";
		echo "</form>";
	}
	
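	/**
	 * Handle the POSTed "add user" form: validate, reject duplicates, insert.
	 *
	 * Fixes over the previous version:
	 *  - the duplicate-username lookup concatenated $_POST['username'] unquoted
	 *    into the SQL (injection; also a syntax error for any ordinary name, so
	 *    the check never fired) — it is now escaped and quoted;
	 *  - `if($result)` tested whether the query ran, not whether it found a row,
	 *    so any query that succeeded reported "already in database" — now uses
	 *    mysql_num_rows();
	 *  - passwords were hashed with crypt() and the salt '$2b$z7$passstring$',
	 *    which is not a valid bcrypt salt (the cost must be two digits), so every
	 *    account received crypt()'s failure string as its "hash" —
	 *    password_hash() (PHP 5.5+) is used instead; the login code, which is not
	 *    visible here, must verify with password_verify(), and the `pass` column
	 *    must hold at least 60 characters;
	 *  - level is restricted to exactly 1 or 2, as the error text promises;
	 *  - the e-mail address is validated with filter_var();
	 *  - driver errors are logged, not echoed to the browser.
	 *
	 * NOTE(review): no CSRF token is checked and admin authorisation is assumed
	 * to happen in index.php — confirm both.
	 */
	function confirmationAddUser() {
		$username = isset($_POST['username']) ? (string)$_POST['username'] : '';
		$password = isset($_POST['password']) ? (string)$_POST['password'] : '';
		$level    = isset($_POST['level']) ? trim((string)$_POST['level']) : '';
		$email    = isset($_POST['email']) ? trim((string)$_POST['email']) : '';

		$errors = array();
		if($username === '') {
			$errors[] = "No username has been entered.";
		}
		if($password === '') {
			$errors[] = "No password has been entered.";
		}
		if($level === '') {
			$errors[] = "No level has been entered.";
		} elseif($level !== '1' && $level !== '2') {
			$errors[] = "Level should be 1 (for user) or 2 (for admin).";
		}
		if($email === '') {
			$errors[] = "No email address entered.";
		} elseif(filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
			$errors[] = "The email address is not valid.";
		}

		if($username !== '') {
			$sql = sprintf("SELECT userID FROM users WHERE username = '%s'",
				mysql_real_escape_string($username));
			$result = mysql_query($sql);
			if($result === false) {
				error_log('confirmationAddUser: ' . mysql_error());
				$errors[] = "Could not check the username, please try again.";
			} elseif(mysql_num_rows($result) > 0) {
				$errors[] = "Username already in database, choose another username.";
			}
		}

		if(count($errors) > 0) {
			echo implode('<br>', $errors) . '<br>';
			echo '<a href="index.php?action=admin" >Go back.</a>';
			return;
		}

		$hash = password_hash($password, PASSWORD_DEFAULT);
		$sql = sprintf("INSERT INTO users(username,pass,level,email) VALUES ('%s','%s',%d,'%s')",
			mysql_real_escape_string($username),
			mysql_real_escape_string($hash),
			(int)$level,
			mysql_real_escape_string($email));
		if(mysql_query($sql) === false) {
			error_log('confirmationAddUser: ' . mysql_error());
			echo 'The user could not be added.';
		} else {
			echo 'The user has been added.';
		}
		echo ' <a href="index.php?action=admin" >Go back.</a>';
	}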
	
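	/**
	 * Handle the POSTed "edit user" form: validate, check for a username clash
	 * with another account, then update the row. A blank password keeps the
	 * current one; a non-blank password is re-hashed and stored.
	 *
	 * Fixes over the previous version:
	 *  - the duplicate-username lookup concatenated $_POST['username'] unquoted
	 *    into the SQL (injection; a syntax error for ordinary names) — now
	 *    escaped, quoted, and excluding the record being edited so that keeping
	 *    the current username is not reported as a collision;
	 *  - `if($result)` tested query success rather than row count — now uses
	 *    mysql_num_rows();
	 *  - crypt() with the invalid salt '$2b$z7$passstring$' is replaced by
	 *    password_hash() (PHP 5.5+); the login code, not visible here, must use
	 *    password_verify() and the `pass` column must hold at least 60 chars;
	 *  - the hidden userID is cast to int and must be positive;
	 *  - level is restricted to exactly 1 or 2; e-mail validated via filter_var();
	 *  - `or die(mysql_error())` no longer leaks driver errors to the browser.
	 *
	 * NOTE(review): no CSRF token is checked — a forged POST from any site the
	 * admin visits can change usernames, levels and passwords. Admin
	 * authorisation is assumed to happen in index.php — confirm.
	 */
	function updateUser() {
		$userID   = isset($_POST['userID']) ? (int)$_POST['userID'] : 0;
		$username = isset($_POST['username']) ? (string)$_POST['username'] : '';
		$password = isset($_POST['password']) ? (string)$_POST['password'] : '';
		$level    = isset($_POST['level']) ? trim((string)$_POST['level']) : '';
		$email    = isset($_POST['email']) ? trim((string)$_POST['email']) : '';

		$errors = array();
		if($userID <= 0) {
			$errors[] = "Invalid user ID.";
		}
		if($username === '') {
			$errors[] = "No username has been entered.";
		}
		if($level === '') {
			$errors[] = "No level has been entered.";
		} elseif($level !== '1' && $level !== '2') {
			$errors[] = "Level should be 1 (for user) or 2 (for admin).";
		}
		if($email === '') {
			$errors[] = "No email address has been entered.";
		} elseif(filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
			$errors[] = "The email address is not valid.";
		}

		if($username !== '' && $userID > 0) {
			$sql = sprintf("SELECT userID FROM users WHERE username = '%s' AND userID <> %d",
				mysql_real_escape_string($username), $userID);
			$result = mysql_query($sql);
			if($result === false) {
				error_log('updateUser: ' . mysql_error());
				$errors[] = "Could not check the username, please try again.";
			} elseif(mysql_num_rows($result) > 0) {
				$errors[] = "Username already in database, choose another username.";
			}
		}

		if(count($errors) > 0) {
			echo implode('<br>', $errors) . '<br>';
			echo '<a href="index.php?action=admin" >Go back.</a>';
			return;
		}

		if($password !== '') {
			$sql = sprintf("UPDATE users SET username = '%s', level = %d, email = '%s', pass = '%s' WHERE userID = %d",
				mysql_real_escape_string($username),
				(int)$level,
				mysql_real_escape_string($email),
				mysql_real_escape_string(password_hash($password, PASSWORD_DEFAULT)),
				$userID);
		} else {
			$sql = sprintf("UPDATE users SET username = '%s', level = %d, email = '%s' WHERE userID = %d",
				mysql_real_escape_string($username),
				(int)$level,
				mysql_real_escape_string($email),
				$userID);
		}

		if(mysql_query($sql) === false) {
			error_log('updateUser: ' . mysql_error());
			echo 'The user could not be updated.';
		} else {
			echo "The options of the user has been updated.";
		}
		echo ' <a href="index.php?action=admin" >Go back.</a>';
	}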
	
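	/**
	 * Delete the user named by ?userID=N.
	 *
	 * The id is cast to int and must be positive. The previous version ran it
	 * through mysql_real_escape_string() and then %d — harmless but misleading,
	 * since escaping is for string contexts and %d already forces an integer.
	 * The outcome of the DELETE is now checked and reported instead of ignored,
	 * and driver errors are logged rather than swallowed.
	 *
	 * NOTE(review): this is a destructive action triggered by a plain GET link
	 * (see modifyUser()), so any page that can make an admin's browser fetch the
	 * URL — or a link prefetcher — can delete users (CSRF). It should become a
	 * POST carrying a CSRF token, and index.php must restrict it to
	 * administrators; neither is visible here.
	 */
	function deleteUser() {
		$userID = isset($_GET['userID']) ? (int)$_GET['userID'] : 0;
		if($userID <= 0) {
			echo 'Invalid user ID.';
			return;
		}

		$sql = sprintf("DELETE FROM users WHERE userID = %d", $userID);
		if(mysql_query($sql) === false) {
			error_log('deleteUser: ' . mysql_error());
			echo 'The user could not be deleted.';
		} elseif(mysql_affected_rows() === 0) {
			echo 'No user with that ID exists.';
		} else {
			echo "User has been deleted.";
		}
	}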
?>